CVE-2022-38099

  1. OpenCVE
  2. Vulnerabilities (CVE)
  3. CVE-2022-38099
Improper input validation in BIOS firmware for some Intel(R) NUC 11 Compute Elements before version EBTGL357.0065 may allow a privileged user to potentially enable escalation of privilege via local access.

7.8 /10

CVSS v3 : HIGH

V3 Legend

Vector :

Exploitability : 1.8 / Impact : 5.9

Attack Vector LOCAL

Attack Complexity LOW

Privileges Required LOW

User Interaction NONE

Confidentiality Impact HIGH

Integrity Impact HIGH

Availability Impact HIGH

Scope UNCHANGED

References
Link Resource
https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00752.html Vendor Advisory
Configurations

Configuration 1 (hide)

AND
cpe:2.3:o:intel:nuc_11_compute_element_cm11ebi38w_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:intel:nuc_11_compute_element_cm11ebi38w:-:*:*:*:*:*:*:*

Configuration 2 (hide)

AND
cpe:2.3:o:intel:nuc_11_compute_element_cm11ebc4w_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:intel:nuc_11_compute_element_cm11ebc4w:-:*:*:*:*:*:*:*

Configuration 3 (hide)

AND
cpe:2.3:o:intel:nuc_11_compute_element_cm11ebi58w_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:intel:nuc_11_compute_element_cm11ebi58w:-:*:*:*:*:*:*:*

Configuration 4 (hide)

AND
cpe:2.3:o:intel:nuc_11_compute_element_cm11ebv58w_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:intel:nuc_11_compute_element_cm11ebv58w:-:*:*:*:*:*:*:*

Configuration 5 (hide)

AND
cpe:2.3:o:intel:nuc_11_compute_element_cm11ebi716w_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:intel:nuc_11_compute_element_cm11ebi716w:-:*:*:*:*:*:*:*

Configuration 6 (hide)

AND
cpe:2.3:o:intel:nuc_11_compute_element_cm11ebv716w_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:intel:nuc_11_compute_element_cm11ebv716w:-:*:*:*:*:*:*:*

Configuration 7 (hide)

AND
cpe:2.3:o:intel:nuc11dbbi9_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:intel:nuc11dbbi9:-:*:*:*:*:*:*:*

Configuration 8 (hide)

AND
cpe:2.3:o:intel:nuc11dbbi7_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:intel:nuc11dbbi7:-:*:*:*:*:*:*:*
History

08 Aug 2023, 14:21

Type Values Removed Values Added
CWE NVD-CWE-noinfo CWE-20

16 Nov 2022, 17:00

Type Values Removed Values Added
CWE NVD-CWE-noinfo
First Time Intel nuc 11 Compute Element Cm11ebc4w Firmware
Intel nuc11dbbi9
Intel nuc 11 Compute Element Cm11ebv716w Firmware
Intel nuc 11 Compute Element Cm11ebv716w
Intel nuc 11 Compute Element Cm11ebi716w
Intel nuc 11 Compute Element Cm11ebi38w Firmware
Intel nuc11dbbi9 Firmware
Intel nuc 11 Compute Element Cm11ebv58w
Intel nuc11dbbi7 Firmware
Intel nuc 11 Compute Element Cm11ebi58w Firmware
Intel nuc11dbbi7
Intel nuc 11 Compute Element Cm11ebi716w Firmware
Intel nuc 11 Compute Element Cm11ebv58w Firmware
Intel nuc 11 Compute Element Cm11ebi58w
Intel nuc 11 Compute Element Cm11ebc4w
Intel nuc 11 Compute Element Cm11ebi38w
Intel
CVSS v2 : unknown
v3 : unknown 		v2 : unknown
v3 : 7.8
CPE cpe:2.3:h:intel:nuc_11_compute_element_cm11ebi38w:-:*:*:*:*:*:*:*
cpe:2.3:h:intel:nuc_11_compute_element_cm11ebv716w:-:*:*:*:*:*:*:*
cpe:2.3:h:intel:nuc11dbbi9:-:*:*:*:*:*:*:*
cpe:2.3:h:intel:nuc11dbbi7:-:*:*:*:*:*:*:*
cpe:2.3:o:intel:nuc_11_compute_element_cm11ebi716w_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:intel:nuc_11_compute_element_cm11ebi58w:-:*:*:*:*:*:*:*
cpe:2.3:o:intel:nuc_11_compute_element_cm11ebi58w_firmware:*:*:*:*:*:*:*:*
cpe:2.3:o:intel:nuc_11_compute_element_cm11ebv58w_firmware:*:*:*:*:*:*:*:*
cpe:2.3:o:intel:nuc_11_compute_element_cm11ebi38w_firmware:*:*:*:*:*:*:*:*
cpe:2.3:o:intel:nuc11dbbi7_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:intel:nuc_11_compute_element_cm11ebc4w:-:*:*:*:*:*:*:*
cpe:2.3:o:intel:nuc_11_compute_element_cm11ebv716w_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:intel:nuc_11_compute_element_cm11ebv58w:-:*:*:*:*:*:*:*
cpe:2.3:o:intel:nuc11dbbi9_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:intel:nuc_11_compute_element_cm11ebi716w:-:*:*:*:*:*:*:*
cpe:2.3:o:intel:nuc_11_compute_element_cm11ebc4w_firmware:*:*:*:*:*:*:*:*
References (MISC) https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00752.html - (MISC) https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00752.html - Vendor Advisory

11 Nov 2022, 16:15

Type Values Removed Values Added
New CVE
Information

Published : 2022-11-11 16:15

Updated : 2023-12-10 14:35

NVD link : CVE-2022-38099

Mitre link : CVE-2022-38099

CVE.ORG link : CVE-2022-38099

JSON object : View

Products Affected

intel

  • nuc_11_compute_element_cm11ebv58w
  • nuc11dbbi7_firmware
  • nuc11dbbi7
  • nuc_11_compute_element_cm11ebc4w_firmware
  • nuc_11_compute_element_cm11ebi716w
  • nuc11dbbi9_firmware
  • nuc11dbbi9
  • nuc_11_compute_element_cm11ebc4w
  • nuc_11_compute_element_cm11ebv58w_firmware
  • nuc_11_compute_element_cm11ebi716w_firmware
  • nuc_11_compute_element_cm11ebi38w
  • nuc_11_compute_element_cm11ebv716w
  • nuc_11_compute_element_cm11ebi58w_firmware
  • nuc_11_compute_element_cm11ebv716w_firmware
  • nuc_11_compute_element_cm11ebi58w
  • nuc_11_compute_element_cm11ebi38w_firmware
CWE
CWE-20

Improper Input Validation